Making Condor Safer with… A Collaborative Marketplace for Continuous Software Assurance
Brooklin Gore, Chief Operations Officer


U.S. Department of Homeland Security Science and Technology Directorate
o Software Assurance Marketplace project part of $70+ million multi-year Cyber Security Division effort to improve security of nation’s critical information infrastructure
o BAA involves 34 awards to 29 academic, commercial and research organizations in 14 technical areas focused on detecting, preventing and responding to cyber attacks

Software Assurance Marketplace
o Six proposals submitted
o Awarded to Morgridge Institute for Research with Indiana University, University of Illinois Urbana-Champaign, and UW−Madison as subcontractors
o Offers industry, academia and government agencies no-cost access to a secure research facility with analytical and reporting capabilities
o Will help the software assurance community improve the security of software used in the nation’s critical infrastructure

Software Assurance Marketplace Organization (org chart)
o Software Assurance Marketplace Director: Miron Livny
o Chief Operations Officer: Brooklin Gore
o Identity Mgmt. Lead: Jim Basney
o Chief Security Officer: Von Welch
o Chief Scientist: Barton Miller
o Other chart labels: Software Development Production, Operations Center Security Operations, Software Assurance Tools and Standards, User Support, External Resources
o Organizations: Morgridge Institute for Research; Indiana Univ. Pervasive Technology Institute; U. of Wisconsin Middleware Security and Testing Group; U. of Illinois NCSA Cybersecurity Directorate
o ~24 Team Members

A Growing Need…

Use Cases (Software Assurance Marketplace)
o Software Developers: Upload software packages for analysis by a suite of software assurance tools and view results via dashboard.
o Cybersecurity Researchers: Review data on tool coverage and common weaknesses to improve standards, education and certification programs.
o Software Assurance Tool Developers: Upload SWA tools and evaluate against large corpus of SW packages and test suites with known weaknesses.

User Communities
o SwA Tool Developers
o SwA Researchers
o Software Developers
o Educators & Students
o Infrastructure Operators

Making HTCondor Safer with Continuous Software Assurance
o In the past
  o Used BaTLab for release build and test
  o Ran Coverity static analysis tool before stable releases
o Today
  o Use BaTLab for per commit build and test
  o Running Coverity ‘continuously’
  o Working on adding a 2nd tool from GrammaTech
o Spring 2014
  o Use SWAMP for continuous integration and CSwA
  o Continuous runs with a corpus of open source and commercial static analysis tools
  o Over time, adding dynamic tools, improved results viewing

Major Deliverables (timeline figure)
o Phases: Planning, Build, Beta, Enhance, Operate
o Dates shown: Oct. 1, 2012; Oct. 1, 2013; Feb. 2, 2014; Sep. 30, 2015; Sep. 30, 2017
o Milestones shown: First SWAMP Community Meeting; SWAMP Operational (Version 1.0 of CoSALab and Metronome); V1 Stable Release of Metronome; Second SWAMP User’s Meeting; V2 of CoSALab and Metronome; Third SWAMP User’s Meeting; V3 of CoSALab and Metronome; Fourth SWAMP User’s Meeting; Final Metronome Release

Jan Initial Operating Capabilities
o 5 Tools
  o Clang, cppcheck, Oink (C, C++)
  o Findbugs, PMD (Java)
  o Commercial – TBD
  o Developers bring more
o 100 Packages
  o C, C++, Java
  o Open Source
  o Include test suites (e.g. NIST SATE)
  o Developers bring more
o 8 Platforms
  o Debian, Fedora, Red Hat, Scientific Linux, Ubuntu, Windows
  o Current + Last Version?
  o Requests? (to be defined)

You are the key!
o We need your input – how do you envision using such a resource? What tools, packages, policies, topics, platforms would help you?
o We need your involvement – help with tools, packages, standards, technical literature, seminars, training.
o We need your feedback – the good, the bad, and the ugly.
Contact us: